Organisations rarely see it coming. While all eyes are looking to the perimeter to thwart a data breach by unknown hackers across the ocean, a potential insider threat sits just a few feet away, interacting with valuable data.
Do you have visibility into their activity, and an understanding of their motivations?
A trusted colleague or vetted third-party vendor with access to your organisation’s files and systems shouldn’t be overlooked in your data security plans. These insiders pose a potential threat to the security of your organisation just as much as someone trying to break in from the outside.
The reason: it can be difficult to tell whether an insider is performing a regular task with legitimate access or acting out of turn. Making matters even more complicated, it can be tricky to deduce whether that insider is acting negligently or maliciously.
To shed some light on how an insider threat tends to unfold, this article breaks down potential sources of risk, the role of technology, the importance of time when discovering potential threats, popular monitoring methods, and how to understand the people behind the threat.
5 Things to Know About Insider Threats
- Every Business Function is a Potential Insider Threat Risk
It’s easy to assume that only financial and legal documents are at risk from a potential insider threat, but the reality is that every business function is at risk.
Insider threats can be either malicious or unintentional, and even the intentions of a malicious insider can vary. If insiders are interacting with a variety of data every day, you have to assume that it is all at risk.
Data at risk may include (but is not limited to): personally identifying information, account credentials, strategy documents, email lists, interactions, and so much more.
- New Technology Improves Productivity but Increases Risk
Technology often makes our lives easier, but in the cybersecurity sense, it can also create new headaches. With each new application, account request, or installation comes a bevy of new ways for insiders to create, share, and access organisation-owned data. This is especially the case with cloud-based applications that allow insiders to work anywhere, anytime, with anyone.
Convenience is a key motivator for insiders, but it often lacks visibility. On the flip side, however, lack of convenience is a key motivator for insiders to breach policy.
Organisations are understandably worried about the lack of oversight, or the difficulty of achieving it. How can you keep track of each interaction without impacting system performance or creating additional work for users?
- Insider Threat Discovery Depends on Timeliness
If visibility into insider activity is a sacrifice of new technology or added headcount, then insider threat incident discoverability is the result of that sacrifice. While a data breach can damage an organisation’s reputation and bottom line, the time it takes to discover the breach can be just as harmful.
Consider: the time it takes to discover a data breach or insider threat incident could be the difference between a minor incident and a major one. So long as malicious insiders can stay hidden, they have the opportunity to carry out prolonged policy breaches or malicious behaviour. Ultimately, this results in damage and skyrocketing costs.
- Not All Insider Threat Monitoring Methods Are Equal
The truth is, gaining visibility into user activity and keeping the time to detect an insider threat low are huge problems, and not all tools address them effectively.
The best insider threat management tools focus on user activity, rather than bogging users down in file metadata collection and permissions. In addition, they should deliver rapid step-by-step breakdowns to help cybersecurity teams quickly investigate “risky” behaviour while empowering them to report on incidents more quickly, in an easy-to-understand format.
- Understanding the People Behind Insider Threats is Crucial
As I mentioned earlier, not all insider threats are malicious or have bad intentions. Many, in fact, unwittingly perform out-of-policy actions that open the door to a data breach or damage. It is important to know who has access, have visibility into what they’re up to, and try to understand their motivations and challenges on an ongoing basis.
Insider Threat Management Doesn’t Have to be Difficult
Distinguishing ordinary insider behaviour from negligent and malicious behaviour can be daunting. But it doesn’t have to be! By taking the time to read through these five important insider threat points, you’re well on your way to building a comprehensive insider threat program at your organisation.
To help you continue along your path, we encourage you to read this checklist for preventing insider threat risks.